Administrator

Using SSL Between a Client and SAP Mobile Platform Server

Use SSL to secure HTTPS channel communication between a client (a device) and SAP Mobile Platform Server.

Context

The self-signed certificate smp_crt is created during installation and contains the fully qualified domain name of the system as its CN. By default, the same certificate is configured for all secure connections in SAP Mobile Platform Server. Because this certificate is self-signed, no CA stands behind it, so a client has nothing to validate it against. For production, use a PKI system and a trusted CA to generate the certificates and keys that encrypt communication between the client and the server.

Procedure

  1. Use Management Cockpit to create an application with an HTTP/HTTPS back end.
  2. Place the certificate of the CA that issued the server certificate into the client keystore.
  3. Connect to the server. When you connect to the server using HTTPS, the server sends back its certificate.
    1. For one-way SSL, connect using https://<servername>:8081/.
    2. For mutual SSL, connect using https://<servername>:8082/.
  4. Validate the server certificate from the application. If the server certificate is valid, the client and server exchange a cipher, which is used to encrypt further communication.
  5. Upon successful certificate validation, SAP Mobile Platform establishes a client-to-server connection, and subsequent requests and responses use the secure channel until the session expires.
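
The client side of steps 2 to 5, as an added Python example that is not SAP code: it trusts only the supplied CA file, requires a hostname match, and reports the negotiated cipher or the reason validation failed. The function names and the file arguments are assumptions; the ports are the ones given in step 3.

```python
import socket
import ssl
import sys

ONE_WAY_PORT = 8081  # one-way SSL port from step 3
MUTUAL_PORT = 8082   # mutual SSL port from step 3


def make_context(ca_file=None, client_cert=None, client_key=None):
    """Trust only the CA in ca_file (step 2); None uses the platform store."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.check_hostname = True            # certificate name must match <servername>
    ctx.verify_mode = ssl.CERT_REQUIRED  # untrusted or self-signed chains fail
    if client_cert:
        ctx.load_cert_chain(client_cert, client_key)  # identity for mutual SSL
    return ctx


def check_server(server, ca_file=None, client_cert=None, client_key=None,
                 mutual=False, timeout=10):
    """Connect, validate the server certificate, report the negotiated cipher."""
    if mutual and not client_cert:
        raise ValueError("mutual SSL on port 8082 needs a client certificate")
    port = MUTUAL_PORT if mutual else ONE_WAY_PORT
    ctx = make_context(ca_file, client_cert, client_key)
    try:
        with socket.create_connection((server, port), timeout=timeout) as raw:
            # The handshake runs here; a validation failure raises before any
            # application data is sent (step 4).
            with ctx.wrap_socket(raw, server_hostname=server) as tls:
                return {"ok": True, "port": port, "protocol": tls.version(),
                        "cipher": tls.cipher()[0],
                        "subject": tls.getpeercert().get("subject")}
    except ssl.SSLCertVerificationError as exc:
        return {"ok": False, "port": port, "reason": exc.verify_message}


if __name__ == "__main__":
    # Arguments (hypothetical file names): <servername> <ca.pem> [client.pem client.key]
    if len(sys.argv) in (3, 5):
        pair = sys.argv[3:5]
        print(check_server(sys.argv[1], sys.argv[2], *pair, mutual=bool(pair)))
    else:
        print("usage: <servername> <ca.pem> [client.pem client.key]")
```

Run against a server that still presents the installation-time smp_crt, the check returns `ok: False` with the verification error unless that certificate itself was placed in the CA file.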